Identity Checking Method Using User Terminals

1. A method for checking the identity of a reference individual, the method comprising the following steps, implemented by a checking device: selecting terminals respectively associated with individuals forming part of a set of individuals whose identities are intended to be checked by the checking device, the reference individual forming part of the set of individuals, sending by the checking device, to each of the selected terminals, an input datum associated with the reference individual and a request asking each said terminal to implement a first cryptographic calculation producing an output datum from the input datum associated with the reference individual and from a private key specific to the individual associated with the terminal, receiving by the checking device a plurality of output data comprising each output datum produced by the first cryptographic calculation, implementing a second cryptographic calculation producing a check result relating to the reference individual from the plurality of output data.

2. The method according to claim 1, wherein at least three terminals are selected.

3. The method according to claim 1, wherein the output datum produced by a terminal also depends on a random generated by the terminal.

4. The method according to claim 1, wherein: the input datum is a first portion c1 of a cipher resulting from a calculation applied to identity data of the reference individual, the second cryptographic calculation produces the check result relating to the reference individual from each output datum and from a second portion c0 of the cipher, the implementations of the first cryptographic calculation by the terminals and the implementation of the second cryptographic calculation by the checking terminal together form a decryption of the cipher using a key that depends on the private keys specific to the individuals associated with the selected terminals.

5. The method according to claim 1, wherein the cipher results from a homomorphic encryption.

6. The method according to claim 1, wherein the decryption is a decryption using the Brakerski/Fan-Vercauteren (BFV) scheme.

7. The method according to claim 1, wherein the output datum wi produced by a selected terminal of index i is computed as follows: wi=si.c1+ei+2k.d.ri mod q where: si denotes the private key specific to an individual associated with the terminal of index i, c1 denotes the input datum, ei and ri are randoms generated by the terminal of index i, q is a predefined number, d is the lower integer part of q/t, t being an integer strictly less than q, k is a number of bits of the check result relating to the reference individual.

8. The method according to claim 1, wherein the second cryptographic calculation comprises: computing the following value: co+Σiwi where c0 denotes a datum that forms, with the input datum, a cipher resulting from an encryption applied to identity data of the reference individual, and where wi denotes the output datum produced by the terminal associated with the individual of index i, and extracting k least significant bits from a number modulo t, the number being the integer closest to the product of the computed value and t/q, q being a predefined number and t being a predefined integer strictly less than q.

9. The method according to claim 1, wherein the terminals are selected based on an identity element of the individuals associated with the terminals.

10. The method according to claim 1, wherein the terminals are selected based on a verifiable random element.

11. The method according to claim 1, further comprising a step of acquiring a biometric datum of the reference individual, wherein the input datum is at least one portion of a cipher of a datum indicating whether the reference individual is referenced in a biometric database.

12. A method for controlling access to a secure area, the method comprising implementing, for each individual forming part of a set of candidate individuals for accessing the secure area, a check on the identity of the individual using the method according to claim 1.

13. A computer-readable memory storing instructions able to be executed by a data processing unit in order to execute the steps of the method according to claim 1.